Anonymous revealed its plans to go after the 13 root DNS servers of the Internet, on March 31, with the purpose of causing a global blackout. However, experts say that this is not so easy to achieve and provide several arguments to sustain their beliefs.

Errata Security’s Robert David Graham provides 6 sound reasons why the attack is unlikely to be successful and his claims are backed up by other veterans of the industry such as Mikko Hypponen and Dan Kaminsky.

What does Anonymous plan to do?

They want to launch a Reflective DNS Amplification DDOS attack on the 13 root servers of the Internet, hosted by organizations such as the Pentagon, ICANN, NASA, US Army Research Lab, ISC, Verisign, University of Maryland, and others.

In theory, these servers basically translate each websites name into the IP addresses assigned to it. For instance, when a user writes www.google.com in the browser’s address bar, the DNS servers translate this into 64.233.167.99 (or whichever is the IP address of nearest server).

The global blackout comes from the fact that if these servers are down, names are not resolved and we won’t be able to access a large number of important websites.

What do experts say?

While in theory it’s true that each time we type in a website’s name in the browser’s address bar the DNS servers are queried, in reality, the requests go through our Internet service provider (ISP) which uses a technology known as caching.

This means that the DNS servers are not sent requests each time when we want to access a site. Instead, the ISP remembers the response from the first lookup and stores it for a period of a few days.

Even if Anonymous could take down the servers, they would have to keep them down for several days until anyone would notice.

Moreover, the administrators of these servers are treating DDOS attacks seriously and they’re always prepared to respond to attacks. By determining the origin of the large number of packets, they can easily block them.

Anycasting, which means that not only one DNS server has a certain IP address, also prevents these attacks. If 20 machines spread throughout the globe have the same IP, the “shock” is absorbed better.

On the other hand, root DNS servers are designed for millions of requests, not to mention that they’re aided by gTLD servers that take upon themselves part of the workload.

Finally, experts claim that a successful DDOS attack on the root DNS serves is possible, but it’s not only hard to achieve, but the results wouldn’t be felt by regular Internet users.

Also, F-Secure’s Mikko Hypponen pointed to a 2007 article from ICANN in which it’s clearly stated that in reality there are not only 13 root servers as the myth says, but over 130 physical locations spread out in many countries of the world.